NDC Sydney 2018

Friday, September 21, 2018
11:10 AM 12:10 PM 11:10 12:10

Hilton Sydney (map)

Google Calendar ICS

The Boring Security Talk

Troy Hunt and Scott Helme have spoken about all the exciting security things, so let’s talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits. In this talk, we’ll look at the security of our package dependencies, CI/CD tools, how we send email and even resolve hostnames. Over the last few months, hackers have managed to inject cryptocurrency miners into all these places. Security incidents in these components might not result in an entry in Have I Been Pwned?, but they'll result in a bad day.

Website: Homepage

Audience: Developers

Audience Size: ~40

Feedback: 31/32 Green, 1/32 Yellow, 0/32 Red. 96.88% Positive Feedback.

Slides

The Boring Security Talk from kieranjacobsen

Video

Troy Hunt and Scott Helme have spoken about all the exciting security things, so let's talk about the boring bits! When we think about application and infrastructure security, we often think about the big shiny things and forget the boring bits.

Tweets

OH: @kjacobsen: “Companies have corporate policies to protect brand - logo, fonts, colours etc. - why should your domain be any different; it’s an important part of your brand”. Kieran is saying that companies need to take control of who sends emails using your domain #ndcsydney
— Robert Daniel Moore (@robdmoore) September 21, 2018

LOL #dns @kjacobsen OH: “In my experience most companies struggle to explain over half of their DNS entries” #ndcsydney pic.twitter.com/fTFZf81ciQ
— Robert Daniel Moore (@robdmoore) September 21, 2018

OH: @kjacobsen: “If I had a dollar for every time an outage was caused by DNS I’d be a rich man. I might even have enough to own a JetSki like @troyhunt.” #ndcsydney pic.twitter.com/YKDiQSmIzA
— Robert Daniel Moore (@robdmoore) September 21, 2018

.@kjacobsen’s DNS pro-tip is to use DNS Control #ndcsydney pic.twitter.com/BBt2EYtwwi
— Robert Daniel Moore (@robdmoore) September 21, 2018

OH: @kjacobsen: “Pull requests highlight your changes in a way that ITIL promised but never delivered” #realtalk #shotsfired #ndcsydney
— Robert Daniel Moore (@robdmoore) September 21, 2018

Really interested to learn how @kjacobsen is using @AzureDevOps and Azure Pipelines to manage and deploy DNS changes. Great use of pipelines for managing ops! #NDCSydney pic.twitter.com/bV9g9UFLgY
— Edward Thomson 🚀 (@ethomson) September 21, 2018

OH: @kjacobsen: “All of the domains and sub domains you own are part of your corporate brand. You need to protect them. Don’t let any domains lapse” #ndcsydney
— Robert Daniel Moore (@robdmoore) September 21, 2018

Solid advice from @kjacobsen for securing CI/CD systems. #ndcsydney pic.twitter.com/TeMuAEsHe2
— Robert Daniel Moore (@robdmoore) September 21, 2018

pic.twitter.com/S78XGD2Mrr
— Robert Daniel Moore (@robdmoore) September 21, 2018

Also - patching and be careful with PR validation
— Robert Daniel Moore (@robdmoore) September 21, 2018

OH: @kjacobsen: “Email is the service we all have but don’t want. We like to think we don’t use email anymore and it’s still dying, but we still use it to talk to customers and suppliers and for password resets” #ndcsydney pic.twitter.com/tEAsOp9kDn
— Robert Daniel Moore (@robdmoore) September 21, 2018

Shots fired by @kjacobsen: “If you are a tool vendor and you don’t support SSO then as head of IT I’m looking for another vendor. It’s 2018, if you don’t have so then your tool is insecure” #ndcsydney
— Robert Daniel Moore (@robdmoore) September 21, 2018

Tagged security, NDC, Sydney

Kieran Jacobsen

NDC Sydney 2018

The Boring Security Talk

Slides

Video

Tweets